Jim Meyering found a race condition in the way Automake used to
prepare content of directories hierarchy (top-level directory
and its subdirectories), when the "distdir" based Automake target
was used. A local attacker could use this flaw to inject malicious
content into the resulting directory and potentially subsequently
execute arbitrary code with the privileges of the user issuing
the "./configure" command.
Upstream patch:
---------------
http://thread.gmane.org/gmane.comp.sysutils.automake.patches/3743

This issue affects the versions of the automake package, as shipped
with Red Hat Enterprise Linux 3, 4, and 5.
This issue affects the versions of the automake package, as shipped
with Fedora release of 10, 11, and 12.